oAuth 2.0 refresh_token fail


I have obtained a valid access token. like this:

“access_token”: “eyJhbGciOiJIUzUxMiJ9jNWVjIn0.9bhbYhldRA”,
“token_type”: “bearer”,
“refresh_token”: “eyJhbGciOiJIUzUxMiJ9.eyJhdWQM3bFZEZlRgtKEb7pjqIA”,
“expires_in”: 3599,
“scope”: "user:write:admin user:read:admin recording:write:admin dashboard:read:admin report:read:admin "

But token can only be used for an hour, and it will fail.

So, I want to refresh the token, but keep reporting errors, as shown below:

    <head><title>400 Bad Request</title></head>
    <body bgcolor=“white”>
        <center><h1>400 Bad Request</h1></center>


Here’s my implementation: I developed the application using the Java language.

String clientWord = zoomClientId + “:” + zoomClientSecret;
// base64 encode
String encodedText = base64.encodeToString(clientWord.getBytes(“UTF-8”));
// add “Basic” (like obtain an OAuth token opt)
String base64ClientWord = "Basic " + encodedText;
// send http post
HttpPost httpPost = new HttpPost(“https://zoom.us/oauth/token?grant_type=refresh_token&refresh_token=” + refreshToken);
httpPost.setHeader(“Content-Type”, “application/x-www-form-urlencoded”);
// add header ahth
httpPost.setHeader(“Authorization”, base64ClientWord);
response = httpClient.execute(httpPost);


Hi Sam, 

I just tried the refresh token using POSTman and it worked on my end. Just replace the refresh token with yours and Basic with your clientID & clientSecret. 

curl -X POST \
https://zoom.us/oauth/token?grant_type=refresh_token&refresh_token=eyJhbGciOidfeffef’ \
-H ‘Authorization: Basic RkxoSWxOUTJgddgdfgdfgdf’ \
-H ‘Cache-Control: no-cache’ \

Have you tried making a curl command or using within POSTman?



Thanks Nigel for responding. I executed both my program and curl command successfully,

but I don’t know why the previous operation  always failed.

Should the authorization of the production environment be updated every hour?  

It would be troublesome to update the token hourly after my application is released.


Hi Sam, 

After the access token has expired usually after an hour, you will need to use the refresh token to get a new access token to make additional calls. For enterprise security reasons tokens have a short lifespan to prevent any unauthorized usage.